diff options
author | Alexei Starovoitov <ast@fb.com> | 2017-12-15 02:55:14 +0100 |
---|---|---|
committer | Daniel Borkmann <daniel@iogearbox.net> | 2017-12-17 20:34:36 +0100 |
commit | 60b58afc96c9df71871df2dbad42037757ceef26 (patch) | |
tree | 5651c4845120fc28c9712f53f31962adfd4abe73 /arch/arm64/net | |
parent | bpf: add support for bpf_call to interpreter (diff) | |
download | linux-60b58afc96c9df71871df2dbad42037757ceef26.tar.xz linux-60b58afc96c9df71871df2dbad42037757ceef26.zip |
bpf: fix net.core.bpf_jit_enable race
global bpf_jit_enable variable is tested multiple times in JITs,
blinding and verifier core. The malicious root can try to toggle
it while loading the programs. This race condition was accounted
for and there should be no issues, but it's safer to avoid
this race condition.
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Diffstat (limited to 'arch/arm64/net')
-rw-r--r-- | arch/arm64/net/bpf_jit_comp.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c index ba38d403abb2..288137cb0871 100644 --- a/arch/arm64/net/bpf_jit_comp.c +++ b/arch/arm64/net/bpf_jit_comp.c @@ -844,7 +844,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog) int image_size; u8 *image_ptr; - if (!bpf_jit_enable) + if (!prog->jit_requested) return orig_prog; tmp = bpf_jit_blind_constants(prog); |